diff options
Diffstat (limited to 'sys-apps/shadow')
| -rw-r--r-- | sys-apps/shadow/Manifest | 15 | ||||
| -rw-r--r-- | sys-apps/shadow/files/default/useradd | 7 | ||||
| -rw-r--r-- | sys-apps/shadow/files/pam.d-include/passwd | 8 | ||||
| -rw-r--r-- | sys-apps/shadow/files/pam.d-include/shadow | 8 | ||||
| -rw-r--r-- | sys-apps/shadow/files/shadow-4.1.3-dots-in-usernames.patch | 10 | ||||
| -rw-r--r-- | sys-apps/shadow/files/shadow-4.4-CVE-2017-2616.patch | 62 | ||||
| -rw-r--r-- | sys-apps/shadow/files/shadow-4.4-load_defaults.patch | 37 | ||||
| -rw-r--r-- | sys-apps/shadow/files/shadow-4.4-prototypes.patch | 42 | ||||
| -rw-r--r-- | sys-apps/shadow/files/shadow-4.4-su-snprintf.patch | 29 | ||||
| -rw-r--r-- | sys-apps/shadow/metadata.xml | 17 | ||||
| -rw-r--r-- | sys-apps/shadow/shadow-4.4-r2.ebuild | 214 | ||||
| -rw-r--r-- | sys-apps/shadow/shadow-4.5.ebuild | 210 |
12 files changed, 659 insertions, 0 deletions
diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest new file mode 100644 index 000000000000..94620e46e930 --- /dev/null +++ b/sys-apps/shadow/Manifest @@ -0,0 +1,15 @@ +AUX default/useradd 96 SHA256 31aa2cbe4a34a9f7d4d134c1fecd007c9bbf4d40e19d0dcddbcd396f1853b490 SHA512 87b01ac88c2065392fa988871489d8403ef93341b4cfbadb4504f39a2a3396ddef756efc6378868d00627a58a1feb9612eb52a8135558a211a09c6a9ccf3404f WHIRLPOOL 9022a371e34e96a4c3193f24752979da27cdcd60aec1c8db1d2b427ab880b16917578ddcb4d8af02fd1d0eedc6b346cf43d7ae892e8580321e32e50f5498980b +AUX pam.d-include/passwd 144 SHA256 8c54d2e3aab50b2a8d3d36aa37f7d7bb32c15d9a3af9a10b7ec5b5ffcff9a5fb SHA512 31611a08d97cd2c129f18d451a555ff6c781f91603c77fc0c66ff406b5fa4a97db19ae4ce104816a6324529d10e131de0d5329646bdab2abc8dc3ee5b82b057f WHIRLPOOL 879370adfb6a78c0acdeebf2c10a503d94925c34dceadb8677693f6c34e4e973f2584b221a9a81fdf23f084c430bbafa23a03440c1a95c798b58faedf4d412bd +AUX pam.d-include/shadow 152 SHA256 7fc1ccca85d2b1ac4dad9909792453c8d26e9aeab48c620d861a92b9355ac69f SHA512 d07611c350d0d6f3386db5080c80a84e4135cf33e44fd3a390cb1092e034f9bd2a69495fadd4bda6ede9962e9658e77f2c8e12d3189cdcda6c7b3c607336f0c3 WHIRLPOOL 2b5282f983b5bf52c0311c2153dba2d12f6c07ae803d1723010bf4bbf4962d120aea026d32b1f3b062778da5222e7cb16dc39660e53b72173fba723a57b616de +AUX shadow-4.1.3-dots-in-usernames.patch 302 SHA256 2299ffaec204d20e00d791bf5b982571c9261a74c7a7b865a9f7cad1cdcb43ba SHA512 ad20fb3f4f0292f39b5da796e41df71e9e8b1b81dd11a99b2d988440c1b435b0061333a0a5a37a909598d5a840a75946e8c59c74426bae7452de88cf673a5f7d WHIRLPOOL f0258b24f7731ab7b15a1fca391593c8bbd6bdf2ddad57af1d7960d05af49bc5b706039caa576646cb3d817d2d4ad8e89526b12fe046301c63c1518d01dcf173 +AUX shadow-4.4-CVE-2017-2616.patch 2159 SHA256 1f6d321372ee9cf1260c9de3c5d5070f6e263e20c2761c1d93df176505fcb7df SHA512 72cba0857ac6611532a99769d22568816d21a29f77f76f9d22e6b5b400cb936088087e811e9715cb891c70a11c76321653611a2c49d85acb1b163158863634fe WHIRLPOOL cd85fc3377d92a6116b825a866cea041a2b8c783710767b68fcd08b7f33fc8d2544dc0c80e0686b24de06b9c48c09aea118402dc2437e11318042c39905ba5e5 +AUX shadow-4.4-load_defaults.patch 1027 SHA256 3c5679b99dd79d69d161e8916175b298540fad21e6391224e5c0021a27d04060 SHA512 c821149fdcb71b0c1c7b0de72126a3ec625bd54f2edaff1666ccd30abe3f3d516db329dbe873ae020a6670f93caaf7d235283666113d5b02936043d6dd976d36 WHIRLPOOL 81389edb7a04fa34ba1d8560e63b626eb83662c11c2a532d91e207a128337ffc3e6d4b1a8a99ab1693a943d156ad1dd82f3dd7b09f9e320fd9b2706b62a76430 +AUX shadow-4.4-prototypes.patch 1232 SHA256 5b66e3ae613a01209ea4be1ebdd4bf3e88e7a1a78ff3f27779865bd82007ae78 SHA512 970f79efaf77e91baa22049230f2a97e6a045f2f03ef846f4c35dc4f5702941e61db5b6544c24d112faafd6d516fc5054725039f28fe81e17926a5e8ef6f0432 WHIRLPOOL 1d9ec7f3c84046621e5176697b76ee9d428533d1f873d138ce61038fe780cd3475cbab869c00c7457fcb4535edd93bb5e596eae4c12a2d640356c212f016e4c4 +AUX shadow-4.4-su-snprintf.patch 849 SHA256 6a9c8f35de35a5cfd72b2983a58619b189e77afd970ef0d45efd3dc2b06f8fbd SHA512 2aaa1c847ec34002c6e63af66fb36664e0fc5dc0b719ab38959043f990e84191f5e2f85c2dc44e324abcfe67691c9a9b8181da49077031e2eaaf979dde95b2d9 WHIRLPOOL 20457ef69fde1e3e974640e27c16e70d030036bbe9e889bdc1e63e9220e88776dd6c04a1f84fbafbffd92293940aaaacc810569abdbaab07f9a514e318ea7a92 +DIST shadow-4.4.tar.gz 3706812 SHA256 2398fe436e548786c17ec387b4c41f5339f72ec9ee2f3f7a6e0cc2cb240bb482 SHA512 c1e0f65a4fbd0f9d8de38e488b4a374cac5c476180e233269fc666988d9201c0dcc694605c5e54d54f81039c2e30c95b14c12f10adef749a45cc31f0b4b5d5a6 WHIRLPOOL a22fc0f90ec0623cbbcef253378a16ad605cf71345074880e3fd12fb5914058d3e721f378730c9684497cc597595b7defc7e710206268ae320a090c8c35fd41e +DIST shadow-4.5.tar.gz 3804933 SHA256 ed2d53bd0e80cf32261e82b8d93684334e8809266dba1ec7a42bfa747605989e SHA512 02d6482a1159689e404dd49a68b4e2db85e9ffdcdfbacc8efcbd9043f14a1ec3fc4d749700df915d375df67d589219b6b0f57a6cfd9fb5b197012888a608913b WHIRLPOOL 73552aff621cf34ef977095a05d9b679b7b6ffa78979d69eeb43089564aca5cc1d841dc9cbb6f0fba4c4f712f0e89f6cc683b733ea1041e4633b5d9fe58b5499 +EBUILD shadow-4.4-r2.ebuild 5520 SHA256 6faffddd4a8a4d950d3d5e962d6b09a9ca178c0ad4312e2a5698ec9337992f62 SHA512 c6becedeaf7faf85960cd3e198dff4c0e60d13af6b27127110f146f049bac0fdf068b65ba472ff035c97afc18aa3e9f5d2cdf2f17869b76828329ba7f481a51b WHIRLPOOL 6b0295f648bab88918ddebf10fd187a73790f42a9d1f152bb4f8595bdd28ba02c4ff36d28c81460f69e41d972d610147bf582d43234afa454b929d5e8a224a47 +EBUILD shadow-4.5.ebuild 5363 SHA256 ce3015885fd40e388d534a75af4442a5904251f7ce941ce871237fb132534ec8 SHA512 4f24d90b0e0e796915d3a0b6c4c100d2fb3d186e269bc64b973281d9e5f4071dfe0b22a9a9b38f07fb85f2153b01ce35174bb1dc46f9a2ea453bbbc172d8a936 WHIRLPOOL dffb76d9dfc424de739d23b4a8da3c5e1a22cbe4aaa3922969e49d45a07eaf5af4e0339c32095081daa7ae0b61d886a9d99783a2c0eda714e032df868be63dd0 +MISC ChangeLog 4723 SHA256 b09aaf93b341c840a85e4f81ed72b1ab7f421d1ff4e6e55410f79cbcd8060b15 SHA512 366b0aa5ff325929c4a8d9523e82e4eeda9dc0ed4e1dcfed123c08a9c632a7d79b50baee39c2c5a26325d7764295a03438d990b2b28f1dc3252ff4850fe97bb4 WHIRLPOOL 513e5c3afa9f5fe3036a35639b8cf926f42627101836ee201afcd4c9c8c463b71f387197e53112184511e057739ce6b43942a87a71cb49e77affe282e5364526 +MISC ChangeLog-2015 51089 SHA256 bbd5750c5403da96d5875738418b68a3884025a85391885fced1d202f97187ee SHA512 8741d75131d25e4524c7a243338e26e614ce81411c0c58725028717c16ace08ec3aa665b8af3eaa4a6f94a23debfed07524bda6d2e2652a05bc290c30322b9ab WHIRLPOOL eb08c4506cbab719018752c00167a531cc6ca5075965921466906cfc3db75dd69276e06115a5893cb7a22f099a563a86b295ccac7e410af037c968ea53c1620a +MISC metadata.xml 565 SHA256 22160798da478d70befbd4da3ef283bc66ad650168d2cf8947a4aa9935748dc0 SHA512 be29faf2eb981bdb0d643ca691d48b10ee702c3a32ca7fca1d00365aa1c4beb5b1b4bec8104be4352fed32f3fabc3108061b8eb8f0054e612c268b5c6f4b1469 WHIRLPOOL 2194536e374b86cd2e2b078e076f2ce6b3758794ac8812a9db2a189d88013c35f142bc34e0ef4320b04f3b253632c317a8f8c2a901e965c0a85e9ba5bb5a32d9 diff --git a/sys-apps/shadow/files/default/useradd b/sys-apps/shadow/files/default/useradd new file mode 100644 index 000000000000..ae81dbb3a02b --- /dev/null +++ b/sys-apps/shadow/files/default/useradd @@ -0,0 +1,7 @@ +# useradd defaults file +GROUP=100 +HOME=/home +INACTIVE=-1 +EXPIRE= +SHELL=/bin/bash +SKEL=/etc/skel diff --git a/sys-apps/shadow/files/pam.d-include/passwd b/sys-apps/shadow/files/pam.d-include/passwd new file mode 100644 index 000000000000..960b32eab3eb --- /dev/null +++ b/sys-apps/shadow/files/pam.d-include/passwd @@ -0,0 +1,8 @@ +#%PAM-1.0 + +auth sufficient pam_rootok.so +auth include system-auth + +account include system-auth + +password include system-auth diff --git a/sys-apps/shadow/files/pam.d-include/shadow b/sys-apps/shadow/files/pam.d-include/shadow new file mode 100644 index 000000000000..743b2f0260d6 --- /dev/null +++ b/sys-apps/shadow/files/pam.d-include/shadow @@ -0,0 +1,8 @@ +#%PAM-1.0 + +auth sufficient pam_rootok.so +auth required pam_permit.so + +account include system-auth + +password required pam_permit.so diff --git a/sys-apps/shadow/files/shadow-4.1.3-dots-in-usernames.patch b/sys-apps/shadow/files/shadow-4.1.3-dots-in-usernames.patch new file mode 100644 index 000000000000..efcb33dbd9ef --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.1.3-dots-in-usernames.patch @@ -0,0 +1,10 @@ +--- shadow-4.1.3/libmisc/chkname.c ++++ shadow-4.1.3/libmisc/chkname.c +@@ -66,6 +66,7 @@ + ( ('0' <= *name) && ('9' >= *name) ) || + ('_' == *name) || + ('-' == *name) || ++ ('.' == *name) || + ( ('$' == *name) && ('\0' == *(name + 1)) ) + )) { + return false; diff --git a/sys-apps/shadow/files/shadow-4.4-CVE-2017-2616.patch b/sys-apps/shadow/files/shadow-4.4-CVE-2017-2616.patch new file mode 100644 index 000000000000..b788ec35342f --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.4-CVE-2017-2616.patch @@ -0,0 +1,62 @@ +From 08fd4b69e84364677a10e519ccb25b71710ee686 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Thu, 23 Feb 2017 09:47:29 -0600 +Subject: [PATCH] su: properly clear child PID + +If su is compiled with PAM support, it is possible for any local user +to send SIGKILL to other processes with root privileges. There are +only two conditions. First, the user must be able to perform su with +a successful login. This does NOT have to be the root user, even using +su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL +can only be sent to processes which were executed after the su process. +It is not possible to send SIGKILL to processes which were already +running. I consider this as a security vulnerability, because I was +able to write a proof of concept which unlocked a screen saver of +another user this way. +--- + src/su.c | 19 +++++++++++++++++-- + 1 file changed, 17 insertions(+), 2 deletions(-) + +diff --git a/src/su.c b/src/su.c +index f20d230..d86aa86 100644 +--- a/src/su.c ++++ b/src/su.c +@@ -379,11 +379,13 @@ static void prepare_pam_close_session (void) + /* wake child when resumed */ + kill (pid, SIGCONT); + stop = false; ++ } else { ++ pid_child = 0; + } + } while (!stop); + } + +- if (0 != caught) { ++ if (0 != caught && 0 != pid_child) { + (void) fputs ("\n", stderr); + (void) fputs (_("Session terminated, terminating shell..."), + stderr); +@@ -393,9 +395,22 @@ static void prepare_pam_close_session (void) + snprintf (wait_msg, sizeof wait_msg, _(" ...waiting for child to terminate.\n")); + + (void) signal (SIGALRM, kill_child); ++ (void) signal (SIGCHLD, catch_signals); + (void) alarm (2); + +- (void) wait (&status); ++ sigemptyset (&ourset); ++ if ((sigaddset (&ourset, SIGALRM) != 0) ++ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) { ++ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog); ++ kill_child (0); ++ } else { ++ while (0 == waitpid (pid_child, &status, WNOHANG)) { ++ sigsuspend (&ourset); ++ } ++ pid_child = 0; ++ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL); ++ } ++ + (void) fputs (_(" ...terminated.\n"), stderr); + } + diff --git a/sys-apps/shadow/files/shadow-4.4-load_defaults.patch b/sys-apps/shadow/files/shadow-4.4-load_defaults.patch new file mode 100644 index 000000000000..4c0b84f68036 --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.4-load_defaults.patch @@ -0,0 +1,37 @@ +From 507f96cdeb54079fb636c7ce21e371f7a16a520e Mon Sep 17 00:00:00 2001 +From: Tomas Mraz <tmraz@fedoraproject.org> +Date: Thu, 25 Aug 2016 11:20:34 +0200 +Subject: [PATCH] Fix regression in useradd not loading defaults properly. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The get_defaults() has to be called before processing the flags. + +Signed-off-by: Tomáš Mráz <tmraz@fedoraproject.org> +--- + src/useradd.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/useradd.c b/src/useradd.c +index fefa234..6c43e7e 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -2027,6 +2027,8 @@ int main (int argc, char **argv) + is_shadow_grp = sgr_file_present (); + #endif + ++ get_defaults (); ++ + process_flags (argc, argv); + + #ifdef ENABLE_SUBIDS +@@ -2036,8 +2038,6 @@ int main (int argc, char **argv) + (!user_id || (user_id <= uid_max && user_id >= uid_min)); + #endif /* ENABLE_SUBIDS */ + +- get_defaults (); +- + #ifdef ACCT_TOOLS_SETUID + #ifdef USE_PAM + { diff --git a/sys-apps/shadow/files/shadow-4.4-prototypes.patch b/sys-apps/shadow/files/shadow-4.4-prototypes.patch new file mode 100644 index 000000000000..5209a2988f7b --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.4-prototypes.patch @@ -0,0 +1,42 @@ +https://github.com/shadow-maint/shadow/pull/53 + +From 32c0b283ef5d68b63e4ec05fb22ed0db938fea67 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger <vapier@gentoo.org> +Date: Mon, 5 Dec 2016 17:15:29 -0500 +Subject: [PATCH] include getdef.h for getdef_bool prototype + +Otherwise we get build warnings like: +sgroupio.c:255:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration] +shadowio.c:131:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration] +--- + lib/sgroupio.c | 1 + + lib/shadowio.c | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/lib/sgroupio.c b/lib/sgroupio.c +index f2685779a12b..5423626a01da 100644 +--- a/lib/sgroupio.c ++++ b/lib/sgroupio.c +@@ -40,6 +40,7 @@ + #include "prototypes.h" + #include "defines.h" + #include "commonio.h" ++#include "getdef.h" + #include "sgroupio.h" + + /*@null@*/ /*@only@*/struct sgrp *__sgr_dup (const struct sgrp *sgent) +diff --git a/lib/shadowio.c b/lib/shadowio.c +index 6e44ab24d69c..5fa3d312bbf9 100644 +--- a/lib/shadowio.c ++++ b/lib/shadowio.c +@@ -40,6 +40,7 @@ + #include <shadow.h> + #include <stdio.h> + #include "commonio.h" ++#include "getdef.h" + #include "shadowio.h" + #ifdef WITH_TCB + #include <tcb.h> +-- +2.11.0.rc2 + diff --git a/sys-apps/shadow/files/shadow-4.4-su-snprintf.patch b/sys-apps/shadow/files/shadow-4.4-su-snprintf.patch new file mode 100644 index 000000000000..45667c8e4bf9 --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.4-su-snprintf.patch @@ -0,0 +1,29 @@ +fix from upstream + +From 67d2bb6e0a5ac124ce1f026dd5723217b1493194 Mon Sep 17 00:00:00 2001 +From: Serge Hallyn <serge@hallyn.com> +Date: Sun, 18 Sep 2016 21:31:18 -0500 +Subject: [PATCH] su.c: fix missing length argument to snprintf + +--- + src/su.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/su.c b/src/su.c +index 0c50a9456afd..93ffd2fbe2b4 100644 +--- a/src/su.c ++++ b/src/su.c +@@ -373,8 +373,8 @@ static void prepare_pam_close_session (void) + stderr); + (void) kill (-pid_child, caught); + +- snprintf (kill_msg, _(" ...killed.\n")); +- snprintf (wait_msg, _(" ...waiting for child to terminate.\n")); ++ snprintf (kill_msg, 256, _(" ...killed.\n")); ++ snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n")); + + (void) signal (SIGALRM, kill_child); + (void) alarm (2); +-- +2.11.0.rc2 + diff --git a/sys-apps/shadow/metadata.xml b/sys-apps/shadow/metadata.xml new file mode 100644 index 000000000000..2cabe8fe4fe6 --- /dev/null +++ b/sys-apps/shadow/metadata.xml @@ -0,0 +1,17 @@ +<?xml version='1.0' encoding='UTF-8'?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="project"> + <email>base-system@gentoo.org</email> + <name>Gentoo Base System</name> + </maintainer> + <maintainer type="project"> + <email>pam-bugs@gentoo.org</email> + <name>Pluggable Authentication Method maintenance</name> + </maintainer> + <!-- only for USE=pam --> + <upstream> + <remote-id type="cpe">cpe:/a:debian:shadow</remote-id> + <remote-id type="github">shadow-maint/shadow</remote-id> + </upstream> +</pkgmetadata> diff --git a/sys-apps/shadow/shadow-4.4-r2.ebuild b/sys-apps/shadow/shadow-4.4-r2.ebuild new file mode 100644 index 000000000000..c14915cc1965 --- /dev/null +++ b/sys-apps/shadow/shadow-4.4-r2.ebuild @@ -0,0 +1,214 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +inherit eutils libtool pam multilib + +DESCRIPTION="Utilities to deal with user accounts" +HOMEPAGE="https://github.com/shadow-maint/shadow http://pkg-shadow.alioth.debian.org/" +SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.gz" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +IUSE="acl audit cracklib nls pam selinux skey xattr" +# Taken from the man/Makefile.am file. +LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW ) +IUSE+=" $(printf 'linguas_%s ' ${LANGS[*]})" + +RDEPEND="acl? ( sys-apps/acl:0= ) + audit? ( >=sys-process/audit-2.6:0= ) + cracklib? ( >=sys-libs/cracklib-2.7-r3:0= ) + pam? ( virtual/pam:0= ) + skey? ( sys-auth/skey:0= ) + selinux? ( + >=sys-libs/libselinux-1.28:0= + sys-libs/libsemanage:0= + ) + nls? ( virtual/libintl ) + xattr? ( sys-apps/attr:0= )" +DEPEND="${RDEPEND} + app-arch/xz-utils + nls? ( sys-devel/gettext )" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20150213 )" + +PATCHES=( + "${FILESDIR}"/${PN}-4.1.3-dots-in-usernames.patch + "${FILESDIR}"/${P}-su-snprintf.patch + "${FILESDIR}"/${P}-prototypes.patch + "${FILESDIR}"/${P}-load_defaults.patch + "${FILESDIR}"/${P}-CVE-2017-2616.patch #610804 +) + +src_prepare() { + epatch "${PATCHES[@]}" + epatch_user + #eautoreconf + elibtoolize +} + +src_configure() { + econf \ + --without-group-name-max-length \ + --without-tcb \ + --enable-shared=no \ + --enable-static=yes \ + $(use_with acl) \ + $(use_with audit) \ + $(use_with cracklib libcrack) \ + $(use_with pam libpam) \ + $(use_with skey) \ + $(use_with selinux) \ + $(use_enable nls) \ + $(use_with elibc_glibc nscd) \ + $(use_with xattr attr) + has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052 + + if use nls ; then + local l langs="po" # These are the pot files. + for l in ${LANGS[*]} ; do + use linguas_${l} && langs+=" ${l}" + done + sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die + fi +} + +set_login_opt() { + local comment="" opt=$1 val=$2 + if [[ -z ${val} ]]; then + comment="#" + sed -i \ + -e "/^${opt}\>/s:^:#:" \ + "${ED}"/etc/login.defs || die + else + sed -i -r \ + -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \ + "${ED}"/etc/login.defs + fi + local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs) + einfo "${res:-Unable to find ${opt} in /etc/login.defs}" +} + +src_install() { + emake DESTDIR="${D}" suidperms=4711 install + + # Remove libshadow and libmisc; see bug 37725 and the following + # comment from shadow's README.linux: + # Currently, libshadow.a is for internal use only, so if you see + # -lshadow in a Makefile of some other package, it is safe to + # remove it. + rm -f "${ED}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la} + + insinto /etc + if ! use pam ; then + insopts -m0600 + doins etc/login.access etc/limits + fi + + # needed for 'useradd -D' + insinto /etc/default + insopts -m0600 + doins "${FILESDIR}"/default/useradd + + # move passwd to / to help recover broke systems #64441 + mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die + dosym /bin/passwd /usr/bin/passwd + + cd "${S}" + insinto /etc + insopts -m0644 + newins etc/login.defs login.defs + + set_login_opt CREATE_HOME yes + if ! use pam ; then + set_login_opt MAIL_CHECK_ENAB no + set_login_opt SU_WHEEL_ONLY yes + set_login_opt CRACKLIB_DICTPATH /usr/$(get_libdir)/cracklib_dict + set_login_opt LOGIN_RETRIES 3 + set_login_opt ENCRYPT_METHOD SHA512 + set_login_opt CONSOLE + else + dopamd "${FILESDIR}"/pam.d-include/shadow + + for x in chpasswd chgpasswd newusers; do + newpamd "${FILESDIR}"/pam.d-include/passwd ${x} + done + + for x in chage chsh chfn \ + user{add,del,mod} group{add,del,mod} ; do + newpamd "${FILESDIR}"/pam.d-include/shadow ${x} + done + + # comment out login.defs options that pam hates + local opt sed_args=() + for opt in \ + CHFN_AUTH \ + CONSOLE \ + CRACKLIB_DICTPATH \ + ENV_HZ \ + ENVIRON_FILE \ + FAILLOG_ENAB \ + FTMP_FILE \ + LASTLOG_ENAB \ + MAIL_CHECK_ENAB \ + MOTD_FILE \ + NOLOGINS_FILE \ + OBSCURE_CHECKS_ENAB \ + PASS_ALWAYS_WARN \ + PASS_CHANGE_TRIES \ + PASS_MIN_LEN \ + PORTTIME_CHECKS_ENAB \ + QUOTAS_ENAB \ + SU_WHEEL_ONLY + do + set_login_opt ${opt} + sed_args+=( -e "/^#${opt}\>/b pamnote" ) + done + sed -i "${sed_args[@]}" \ + -e 'b exit' \ + -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \ + -e ': exit' \ + "${ED}"/etc/login.defs || die + + # remove manpages that pam will install for us + # and/or don't apply when using pam + find "${ED}"/usr/share/man \ + '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \ + -delete + + # Remove pam.d files provided by pambase. + rm "${ED}"/etc/pam.d/{login,passwd,su} || die + fi + + # Remove manpages that are handled by other packages + find "${ED}"/usr/share/man \ + '(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \ + -delete + + cd "${S}" + dodoc ChangeLog NEWS TODO + newdoc README README.download + cd doc + dodoc HOWTO README* WISHLIST *.txt +} + +pkg_preinst() { + rm -f "${EROOT}"/etc/pam.d/system-auth.new \ + "${EROOT}/etc/login.defs.new" +} + +pkg_postinst() { + # Enable shadow groups. + if [ ! -f "${EROOT}"/etc/gshadow ] ; then + if grpck -r -R "${EROOT}" 2>/dev/null ; then + grpconv -R "${EROOT}" + else + ewarn "Running 'grpck' returned errors. Please run it by hand, and then" + ewarn "run 'grpconv' afterwards!" + fi + fi + + einfo "The 'adduser' symlink to 'useradd' has been dropped." +} diff --git a/sys-apps/shadow/shadow-4.5.ebuild b/sys-apps/shadow/shadow-4.5.ebuild new file mode 100644 index 000000000000..343a1aa381d0 --- /dev/null +++ b/sys-apps/shadow/shadow-4.5.ebuild @@ -0,0 +1,210 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +inherit eutils libtool pam multilib + +DESCRIPTION="Utilities to deal with user accounts" +HOMEPAGE="https://github.com/shadow-maint/shadow http://pkg-shadow.alioth.debian.org/" +SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.gz" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86" +IUSE="acl audit cracklib nls pam selinux skey xattr" +# Taken from the man/Makefile.am file. +LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW ) +IUSE+=" $(printf 'linguas_%s ' ${LANGS[*]})" + +RDEPEND="acl? ( sys-apps/acl:0= ) + audit? ( >=sys-process/audit-2.6:0= ) + cracklib? ( >=sys-libs/cracklib-2.7-r3:0= ) + pam? ( virtual/pam:0= ) + skey? ( sys-auth/skey:0= ) + selinux? ( + >=sys-libs/libselinux-1.28:0= + sys-libs/libsemanage:0= + ) + nls? ( virtual/libintl ) + xattr? ( sys-apps/attr:0= )" +DEPEND="${RDEPEND} + app-arch/xz-utils + nls? ( sys-devel/gettext )" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20150213 )" + +PATCHES=( + "${FILESDIR}"/${PN}-4.1.3-dots-in-usernames.patch +) + +src_prepare() { + epatch "${PATCHES[@]}" + epatch_user + #eautoreconf + elibtoolize +} + +src_configure() { + econf \ + --without-group-name-max-length \ + --without-tcb \ + --enable-shared=no \ + --enable-static=yes \ + $(use_with acl) \ + $(use_with audit) \ + $(use_with cracklib libcrack) \ + $(use_with pam libpam) \ + $(use_with skey) \ + $(use_with selinux) \ + $(use_enable nls) \ + $(use_with elibc_glibc nscd) \ + $(use_with xattr attr) + has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052 + + if use nls ; then + local l langs="po" # These are the pot files. + for l in ${LANGS[*]} ; do + use linguas_${l} && langs+=" ${l}" + done + sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die + fi +} + +set_login_opt() { + local comment="" opt=$1 val=$2 + if [[ -z ${val} ]]; then + comment="#" + sed -i \ + -e "/^${opt}\>/s:^:#:" \ + "${ED}"/etc/login.defs || die + else + sed -i -r \ + -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \ + "${ED}"/etc/login.defs + fi + local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs) + einfo "${res:-Unable to find ${opt} in /etc/login.defs}" +} + +src_install() { + emake DESTDIR="${D}" suidperms=4711 install + + # Remove libshadow and libmisc; see bug 37725 and the following + # comment from shadow's README.linux: + # Currently, libshadow.a is for internal use only, so if you see + # -lshadow in a Makefile of some other package, it is safe to + # remove it. + rm -f "${ED}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la} + + insinto /etc + if ! use pam ; then + insopts -m0600 + doins etc/login.access etc/limits + fi + + # needed for 'useradd -D' + insinto /etc/default + insopts -m0600 + doins "${FILESDIR}"/default/useradd + + # move passwd to / to help recover broke systems #64441 + mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die + dosym /bin/passwd /usr/bin/passwd + + cd "${S}" + insinto /etc + insopts -m0644 + newins etc/login.defs login.defs + + set_login_opt CREATE_HOME yes + if ! use pam ; then + set_login_opt MAIL_CHECK_ENAB no + set_login_opt SU_WHEEL_ONLY yes + set_login_opt CRACKLIB_DICTPATH /usr/$(get_libdir)/cracklib_dict + set_login_opt LOGIN_RETRIES 3 + set_login_opt ENCRYPT_METHOD SHA512 + set_login_opt CONSOLE + else + dopamd "${FILESDIR}"/pam.d-include/shadow + + for x in chpasswd chgpasswd newusers; do + newpamd "${FILESDIR}"/pam.d-include/passwd ${x} + done + + for x in chage chsh chfn \ + user{add,del,mod} group{add,del,mod} ; do + newpamd "${FILESDIR}"/pam.d-include/shadow ${x} + done + + # comment out login.defs options that pam hates + local opt sed_args=() + for opt in \ + CHFN_AUTH \ + CONSOLE \ + CRACKLIB_DICTPATH \ + ENV_HZ \ + ENVIRON_FILE \ + FAILLOG_ENAB \ + FTMP_FILE \ + LASTLOG_ENAB \ + MAIL_CHECK_ENAB \ + MOTD_FILE \ + NOLOGINS_FILE \ + OBSCURE_CHECKS_ENAB \ + PASS_ALWAYS_WARN \ + PASS_CHANGE_TRIES \ + PASS_MIN_LEN \ + PORTTIME_CHECKS_ENAB \ + QUOTAS_ENAB \ + SU_WHEEL_ONLY + do + set_login_opt ${opt} + sed_args+=( -e "/^#${opt}\>/b pamnote" ) + done + sed -i "${sed_args[@]}" \ + -e 'b exit' \ + -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \ + -e ': exit' \ + "${ED}"/etc/login.defs || die + + # remove manpages that pam will install for us + # and/or don't apply when using pam + find "${ED}"/usr/share/man \ + '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \ + -delete + + # Remove pam.d files provided by pambase. + rm "${ED}"/etc/pam.d/{login,passwd,su} || die + fi + + # Remove manpages that are handled by other packages + find "${ED}"/usr/share/man \ + '(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \ + -delete + + cd "${S}" + dodoc ChangeLog NEWS TODO + newdoc README README.download + cd doc + dodoc HOWTO README* WISHLIST *.txt +} + +pkg_preinst() { + rm -f "${EROOT}"/etc/pam.d/system-auth.new \ + "${EROOT}/etc/login.defs.new" +} + +pkg_postinst() { + # Enable shadow groups. + if [ ! -f "${EROOT}"/etc/gshadow ] ; then + if grpck -r -R "${EROOT}" 2>/dev/null ; then + grpconv -R "${EROOT}" + else + ewarn "Running 'grpck' returned errors. Please run it by hand, and then" + ewarn "run 'grpconv' afterwards!" + fi + fi + + einfo "The 'adduser' symlink to 'useradd' has been dropped." +} |